I have integrated Zoom OAuth in the macOS app (with Zoom Meeting SDK).
The app redirects the user to the browser, and the browser redirects the user back to the application if the auth succeeds.
But I have a question about logout: what is the correct way to log out?
There are two endpoints:
POST: https://zoom.us/oauth/revoke
The account in the browser is still active after this request. And the user isn’t shown Zoom’s OAuth ways page (Google, FB, etc.), and is just signed in automatically.
DELETE: https://api.zoom.us/v2/users/{userId}/token
The user is shown Zoom’s OAuth ways page (Google, FB, etc.) even after reauth (and that’s what I want), BUT this request initiates logout from ALL clients where I was logged in.
Problem
The main problem for me for now is that after using the https://zoom.us/oauth/revoke endpoint, if I want to sign in again, the browser makes an “auto login”. I mean the browser redirects me to the app without Zoom’s OAuth ways page (Google, FB, etc.) and without the page where I can select an account.
Question
How can I achieve the behavior where, after the revoke request, I won’t have “auto login” with the last logged-in user in my browser?
macOS Monterey Version 12.1
Safari Version 15.2 (17612.3.6.1.6)
@donte.zoom Hi, thank you for the answer!
Could you please confirm that the revoke API method should log out the current user from the browser too?
And after revoking there should not be an auto login effect?
For example, I mean the user who has used Gmail to enter.
Correct, @anton.yereshchenko!
There should not be an auto-login effect after revoking; the user will have to authenticate your app to use it again. You can test this edge case by adding a user, then revoking their access token.
[USING Revoking: https://zoom.us/oauth/revoke]
By an auto-login effect I mean the behaviour where the browser doesn’t give the ability to select a new account (or way to log in) and redirects to the application using the last known account (attached demo video).
sign in - Zoom OAuth procedure
sign out - revoking an access token
Should I remove cookies, or something like this, to open the Sign in page after revoking?
Sign in page:
Hi @anton.yereshchenko, yes please try clearing browser cookies as it is likely having the user credentials persist. Can you please report back and let us know if this works?
When you ask whether you should remove cookies to open the Sign in page after hitting the revoke endpoint, are you saying that after removing cookies, you are not able to open the Sign in page? Please see this post for more details on the expected results of hitting the revoke endpoint:
So as I understand we should use access token revoking when we want to remove the app from “Added Apps”, shouldn’t we?
Maybe revoking isn’t what I’m looking for.
I need the endpoint to log out from the current session (not from all, if it is possible).
Just to sign out from the current account, with the ability to select another account or login way.
Is it supported for now?